Cisco N5K-C5010P-BF Troubleshooting Guide - Page 132
CLI rejects feature-group removal, AAA, User cannot login through TACACS+ or RADIUS authentication - default password
UPC - 882658212208
Page 132 highlights
Chapter 6 Troubleshooting Security Issues
AAA
Send document comments to [email protected].

Solution
NX-OS does not activate role configuration changes dynamically. You need to log in again for the configuration changes to the new role to take effect.

CLI rejects feature-group removal
The CLI rejects the no role feature-group name command when the administrator tries to delete a feature group.

Possible Cause
A CLI error indicates that the feature group is in use, which means that it is included in one of the role configurations.

Solution
To address the error, perform the following steps:
• Use the show role | egrep role:|feature-group command to display which feature group is associated with which role.
• Detach the association with the no rule command within the role configuration mode, and then delete the feature group.

AAA

User cannot login through TACACS+ or RADIUS authentication
With the server group properly configured for the Nexus 5000 switch and assigned in the aaa authentication login default configuration on TACACS+ or RADIUS servers, Telnet or SSH login fails to authenticate users with the following error:
%TACACS-3-TACACS_ERROR_MESSAGE: All servers failed to respond

Possible Cause
The AAA group is not configured with the correct VRF to access the servers.

Solution
Perform the following steps to enable login:
• Check which AAA group is being used for authentication with the show running-config aaa and show aaa authentication commands.
• For TACACS+, check the VRF association with the AAA group with the show tacacs-server groups and show running-config tacacs+ commands.
• For RADIUS, check the VRF association with the AAA group with the show radius-server groups and show running-config radius commands.
• Correct the VRF association, then test the VRF setting with the test aaa group command.
• If the test aaa command returns the error "user has failed authentication", then the server is accessible but the credentials for the user account are incorrect. Verify that the user configuration is correct on the server.

Cisco Nexus 5000 Series Troubleshooting Guide 6-4 OL-25300-01
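The VRF check from the steps above, as an added Python example (not part of the Cisco guide): it parses saved running-config text and lists the login server groups whose VRF differs from the one the AAA servers are reachable through. The sample configuration, group names, addresses and the expected VRF "management" are constructed assumptions, as is treating a group with no use-vrf line as using the default VRF.

```python
import re
# Constructed sample of NX-OS running-config lines (not from a real device).
SAMPLE_CONFIG = """\
aaa group server tacacs+ TACACS_MGMT
  server 192.0.2.10
aaa group server radius RADIUS_MGMT
  server 192.0.2.20
  use-vrf management
aaa authentication login default group TACACS_MGMT RADIUS_MGMT
"""

GROUP_RE = re.compile(r"^aaa group server (tacacs\+|radius) (\S+)")
LOGIN_RE = re.compile(r"^aaa authentication login default group (.+)$")

def parse_aaa_groups(config):
    """Map group name -> protocol, VRF and servers; no use-vrf line means VRF 'default' (assumption)."""
    groups, current = {}, None
    for raw in config.splitlines():
        m, words = GROUP_RE.match(raw), raw.split()
        if m:
            current = groups.setdefault(
                m.group(2), {"protocol": m.group(1), "vrf": "default", "servers": []})
        elif current is not None and raw[:1].isspace() and len(words) >= 2:
            if words[0] == "use-vrf":
                current["vrf"] = words[1]
            elif words[0] == "server":
                current["servers"].append(words[1])
        elif not raw[:1].isspace():
            current = None  # an unindented line ends the group's block
    return groups

def login_groups(config):
    """Server groups named on the 'aaa authentication login default' line, in order."""
    for line in config.splitlines():
        m = LOGIN_RE.match(line.strip())
        if m:
            return [g for g in m.group(1).split() if g not in ("local", "none")]
    return []

def vrf_mismatches(config, expected_vrf):
    """Return (group, vrf, servers) for each login group not using expected_vrf."""
    groups = parse_aaa_groups(config)
    return [(g, groups[g]["vrf"], groups[g]["servers"])
            for g in login_groups(config)
            if g in groups and groups[g]["vrf"] != expected_vrf]

if __name__ == "__main__":
    for group, vrf, servers in vrf_mismatches(SAMPLE_CONFIG, "management"):
        print(f"{group}: VRF '{vrf}' for {servers}, expected 'management'")
```

A group reported here is a candidate for the "All servers failed to respond" error; after correcting its VRF association, confirm with the test aaa group command on the switch.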